== What is a Firewall? ==

A firewall is a network security system that filters and controls traffic according to a predetermined set of rules. It sits as an intermediary between the device and the internet.

== How the Linux firewall works ==

Most Linux distributions ship with default firewall tools that can be used to configure it. We will be using iptables, the default tool provided in Linux, to establish a firewall. iptables is used to set up, maintain and inspect the tables of IPv4 and IPv6 packet filter rules in the Linux kernel.

= iptables Lab =

In this lab, you will set up basic firewall rules with iptables.

== Chains ==

A chain is a set of rules defined for a particular task. There are three built-in chains that process traffic:

 1. INPUT chain
 2. OUTPUT chain
 3. FORWARD chain

== 1. INPUT chain ==

Any traffic coming from the internet (or the network) towards your local machine has to go through the INPUT chain. That means it is checked against all the rules that have been set up in the INPUT chain.

== 2. OUTPUT chain ==

Any traffic going from your local machine to the internet goes through the OUTPUT chain.

== 3. FORWARD chain ==

Any traffic coming from an external network and going to another network goes through the FORWARD chain. It is used when the machine routes between two or more networks and we want to pass data between them.

== Different policies ==

There are three basic actions (targets) that iptables can perform on traffic:

 1. ACCEPT
 2. DROP
 3. REJECT

=== 1. ACCEPT ===

When traffic matches an ACCEPT rule in its chain, iptables lets it through. That means it opens up the gate and allows the person to go inside the kingdom of Thanos.

=== 2. DROP ===

When traffic matches a DROP rule in its chain, iptables silently discards it, without telling the sender anything. That means the firewall is closed.

=== 3. REJECT ===

This action is similar to DROP, but it sends a message back to the sender stating that the data transfer has failed. As a general rule, use REJECT when you want the other end to know the port is unreachable; use DROP for connections to hosts you don't want people to see.

'''NOTE: keep one simple rule in mind:[[BR]]
The rules you set in iptables are checked from the topmost rule to the bottom. As soon as a packet matches one of the upper rules, that rule's action (ACCEPT, DROP or REJECT) is applied and the lower rules are not checked. So be careful about the order in which you add rules.'''

= Basic iptables commands =

To list the rules of the current iptables configuration:[[BR]]
{{{
sudo iptables -L
}}}

The output would be:

(screenshot: output of `sudo iptables -L`)

As you can see, we have three chains (INPUT, FORWARD, OUTPUT). We can also see column headers, but there are no actual rules. This is because most Linux distributions ship with no predefined rules. Let's see what each column means.
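The following shell script is an added example and is not part of the original lab page. It generates a small INPUT-chain ruleset in `iptables-restore` format that uses all three chains and all three actions described above, and it checks the rule order before anything is applied, because a REJECT or DROP rule placed above an ACCEPT rule shadows it (for SSH, that means locking yourself out). It assumes the machine only needs to accept SSH (port 22 by default, overridable with the `SSH_PORT` variable) and does not route traffic, so FORWARD is set to DROP; nothing is applied unless you pipe the output into `iptables-restore` as root.

```shell
#!/bin/sh
# Added example, not from the original page. Builds a basic host firewall
# ruleset and checks its ordering. Assumption: only SSH must be reachable.

SSH_PORT="${SSH_PORT:-22}"   # assumed service port; override with SSH_PORT=2222

# Print the ruleset. The ":CHAIN POLICY" lines set the default action for each
# chain; the -A INPUT lines are checked top to bottom, and the first rule a
# packet matches decides its fate, so the ACCEPT rules must come before the
# catch-all REJECT rules at the bottom.
basic_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${SSH_PORT} -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# 1-based position of the first INPUT rule matching the pattern, 0 if none.
# This is the same number `iptables -L INPUT --line-numbers` would show.
rule_position() {
    pos=$(basic_ruleset | grep '^-A INPUT' | grep -n -e "$1" | head -n 1 | cut -d: -f1)
    echo "${pos:-0}"
}

# Read a ruleset on stdin and succeed only if every INPUT ACCEPT rule sits
# above the first INPUT REJECT/DROP rule; otherwise the blocking rule would
# match first and the ACCEPT rule would never be reached.
check_order() {
    rules=$(grep '^-A INPUT')
    last_accept=$(printf '%s\n' "$rules" | grep -n -- '-j ACCEPT' | tail -n 1 | cut -d: -f1)
    first_block=$(printf '%s\n' "$rules" | grep -n -E -- '-j (REJECT|DROP)' | head -n 1 | cut -d: -f1)
    [ "${last_accept:-0}" -lt "${first_block:-999999}" ]
}

# Usage (as root, after reviewing the printed rules):
#   sh firewall.sh print | iptables-restore
#   iptables -L -v -n --line-numbers     # verify; line numbers show the order
if [ "${1:-}" = "print" ]; then
    basic_ruleset | check_order && basic_ruleset
fi
```

The `--line-numbers` option of `iptables -L` is the quickest way to confirm on a live system that your ACCEPT rules really sit above the blocking rules; `iptables -I INPUT 1 ...` inserts a rule at the top of the chain, while `iptables -A INPUT ...` appends it at the bottom, which is the usual cause of a shadowed rule.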